From 729e01c89675d37642417743ba9615a7f9bf6d3c Mon Sep 17 00:00:00 2001
From: karuo <zhiqun@qq.com>
Date: Sun, 22 Feb 2026 06:08:27 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=84=20=E5=8D=A1=E8=8B=A5AI=20=E5=90=8C?=
 =?UTF-8?q?=E6=AD=A5=202026-02-22=2006:08=20|=20=E6=9B=B4=E6=96=B0?=
 =?UTF-8?q?=EF=BC=9A=E9=87=91=E4=BB=93=E3=80=81=E8=BF=90=E8=90=A5=E4=B8=AD?=
 =?UTF-8?q?=E6=9E=A2=E5=B7=A5=E4=BD=9C=E5=8F=B0=20|=20=E6=8E=92=E9=99=A4?=
 =?UTF-8?q?=20>20MB:=205=20=E4=B8=AA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../references/宝塔_域名无法访问_lkdie_lytiao_诊断与修复.md |  11 +-
 .../服务器管理/scripts/宝塔_修复lkdie_lytiao_终端执行.sh |  43 ++++++++
 .../服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py | 103 ++++++++++++++++++
 运营中枢/工作台/gitea_push_log.md             |   1 +
 运营中枢/工作台/代码管理.md                   |   1 +
 5 files changed, 157 insertions(+), 2 deletions(-)
 create mode 100644 01_卡资（金）/金仓_存储备份/服务器管理/scripts/宝塔_修复lkdie_lytiao_终端执行.sh
 create mode 100644 01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py

diff --git a/01_卡资（金）/金仓_存储备份/服务器管理/references/宝塔_域名无法访问_lkdie_lytiao_诊断与修复.md b/01_卡资（金）/金仓_存储备份/服务器管理/references/宝塔_域名无法访问_lkdie_lytiao_诊断与修复.md
index cabcf015..2378b68f 100644
--- a/01_卡资（金）/金仓_存储备份/服务器管理/references/宝塔_域名无法访问_lkdie_lytiao_诊断与修复.md
+++ b/01_卡资（金）/金仓_存储备份/服务器管理/references/宝塔_域名无法访问_lkdie_lytiao_诊断与修复.md
@@ -108,7 +108,14 @@ openssl x509 -in /www/server/panel/vhost/cert/www.lkdie.com/fullchain.pem -noout
 
 | 脚本/文档 | 用途 |
 |-----------|------|
-| `scripts/kr宝塔_SSH登录.sh` | 远程执行命令（SSH 可用时） |
+| **`scripts/腾讯云_TAT_修复lkdie_lytiao.py`** | **免 SSH 一键修复**（腾讯云 TAT，推荐） |
+| `scripts/宝塔_修复lkdie_lytiao_终端执行.sh` | 宝塔面板 → 终端 复制粘贴执行 |
 | `scripts/kr宝塔_宝塔API_修复502.py` | 通过宝塔 API 重启 Nginx（需 API 白名单） |
 | `references/SSH登录方式与故障排查.md` | SSH 登录与 fail2ban 解封 |
-| `references/kr宝塔_网络与服务器卡顿_检查与处理.md` | 502 修复、带宽排查 |
+
+**一键修复命令**（本机执行）：
+```bash
+cd "/Users/karuo/Documents/个人/卡若AI"
+./01_卡资（金）/金仓_存储备份/服务器管理/scripts/.venv_tx/bin/python \
+  "01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py"
+```
diff --git a/01_卡资（金）/金仓_存储备份/服务器管理/scripts/宝塔_修复lkdie_lytiao_终端执行.sh b/01_卡资（金）/金仓_存储备份/服务器管理/scripts/宝塔_修复lkdie_lytiao_终端执行.sh
new file mode 100644
index 00000000..71e29bf1
--- /dev/null
+++ b/01_卡资（金）/金仓_存储备份/服务器管理/scripts/宝塔_修复lkdie_lytiao_终端执行.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# 在 kr宝塔 宝塔面板 → 终端 全文复制粘贴执行
+# 修复：lkdie.com 502 + lytiao.com ERR_CONNECTION_CLOSED
+
+set -e
+echo "=== 1. 重载 Nginx + 重启 PHP-FPM（修复 lkdie 502）==="
+nginx -t && nginx -s reload
+for svc in php-fpm-56 php-fpm-74 php-fpm-80 php-fpm-82 php-fpm php-fpm7.4 php-fpm8.0; do
+  systemctl restart $svc 2>/dev/null && echo "  已重启 $svc" && break
+done
+echo "  Nginx 已重载"
+
+echo ""
+echo "=== 2. 添加 lytiao.com / www.lytiao.com 跳转配置（修复 ERR_CONNECTION_CLOSED）==="
+CONF="/www/server/panel/vhost/nginx/lytiao_root.conf"
+if [ -f "$CONF" ]; then
+  echo "  配置已存在，跳过"
+else
+  cat > "$CONF" << 'NGX'
+server {
+    listen 80;
+    listen [::]:80;
+    server_name lytiao.com www.lytiao.com;
+    return 301 https://zhijipro.lytiao.com$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name lytiao.com www.lytiao.com;
+    ssl_certificate    /www/server/panel/vhost/cert/zhijipro.lytiao.com/fullchain.pem;
+    ssl_certificate_key /www/server/panel/vhost/cert/zhijipro.lytiao.com/privkey.pem;
+    return 301 https://zhijipro.lytiao.com$request_uri;
+}
+NGX
+  echo "  已创建 $CONF"
+fi
+
+echo ""
+echo "=== 3. 再次重载 Nginx ==="
+nginx -t && nginx -s reload
+echo ""
+echo "✅ 完成。请刷新 lkdie.com、lytiao.com 测试。"
diff --git a/01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py b/01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py
new file mode 100644
index 00000000..cd0cc064
--- /dev/null
+++ b/01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+腾讯云 TAT：在 kr宝塔 上修复 lkdie 502 + lytiao ERR_CONNECTION_CLOSED（免 SSH）
+凭证：00_账号与API索引.md；依赖：tencentcloud-sdk-python-tat
+"""
+import base64
+import os
+import re
+import sys
+import time
+
+KR_INSTANCE_ID = "ins-aw0tnqjo"
+REGION = "ap-guangzhou"
+
+def _read_creds():
+    d = os.path.dirname(os.path.abspath(__file__))
+    for _ in range(6):
+        root = d
+        if os.path.isfile(os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")):
+            path = os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")
+            with open(path, "r", encoding="utf-8") as f:
+                text = f.read()
+            sid = skey = None
+            in_tx = False
+            for line in text.splitlines():
+                if "### 腾讯云" in line:
+                    in_tx = True
+                    continue
+                if in_tx and line.strip().startswith("###"):
+                    break
+                if not in_tx:
+                    continue
+                m = re.search(r"\|\s*[^|]*(?:SecretId|密钥)[^|]*\|\s*`([^`]+)`", line, re.I)
+                if m and m.group(1).strip().startswith("AKID"):
+                    sid = m.group(1).strip()
+                m = re.search(r"\|\s*SecretKey\s*\|\s*`([^`]+)`", line, re.I)
+                if m:
+                    skey = m.group(1).strip()
+            return sid or None, skey or None
+        d = os.path.dirname(d)
+    return None, None
+
+SHELL = r'''#!/bin/bash
+set -e
+echo "=== 1. 重载 Nginx + 重启 PHP-FPM ==="
+nginx -t && nginx -s reload
+for svc in php-fpm-56 php-fpm-74 php-fpm-80 php-fpm-82 php-fpm php-fpm7.4; do
+  systemctl restart $svc 2>/dev/null && echo "  已重启 $svc" && break
+done
+echo "=== 2. 添加 lytiao redirect 配置 ==="
+C=/www/server/panel/vhost/nginx/lytiao_root.conf
+if [ ! -f "$C" ]; then
+  printf '%s\n' 'server { listen 80; listen [::]:80; server_name lytiao.com www.lytiao.com; return 301 https://zhijipro.lytiao.com$request_uri; }' 'server { listen 443 ssl; listen [::]:443 ssl; server_name lytiao.com www.lytiao.com; ssl_certificate /www/server/panel/vhost/cert/zhijipro.lytiao.com/fullchain.pem; ssl_certificate_key /www/server/panel/vhost/cert/zhijipro.lytiao.com/privkey.pem; return 301 https://zhijipro.lytiao.com$request_uri; }' > "$C"
+  echo "  已创建 $C"
+fi
+nginx -t && nginx -s reload
+echo "=== 完成 ==="
+'''
+
+def main():
+    sid = os.environ.get("TENCENTCLOUD_SECRET_ID")
+    skey = os.environ.get("TENCENTCLOUD_SECRET_KEY")
+    if not sid or not skey:
+        sid, skey = _read_creds()
+    if not sid or not skey:
+        print("❌ 未配置腾讯云 SecretId/SecretKey")
+        return 1
+    try:
+        from tencentcloud.common import credential
+        from tencentcloud.tat.v20201028 import tat_client, models
+    except ImportError:
+        print("pip install tencentcloud-sdk-python-tat")
+        return 1
+    cred = credential.Credential(sid, skey)
+    client = tat_client.TatClient(cred, REGION)
+    req = models.RunCommandRequest()
+    req.Content = base64.b64encode(SHELL.encode()).decode()
+    req.InstanceIds = [KR_INSTANCE_ID]
+    req.CommandType = "SHELL"
+    req.Timeout = 60
+    req.CommandName = "FixLkdieLytiao"
+    resp = client.RunCommand(req)
+    print("✅ TAT 已下发 InvocationId:", resp.InvocationId)
+    print("  等待 45s...")
+    time.sleep(45)
+    try:
+        req2 = models.DescribeInvocationTasksRequest()
+        f = models.Filter()
+        f.Name = "invocation-id"
+        f.Values = [resp.InvocationId]
+        req2.Filters = [f]
+        r2 = client.DescribeInvocationTasks(req2)
+        for t in (r2.InvocationTaskSet or []):
+            print("  状态:", getattr(t, "TaskStatus", ""))
+            if hasattr(t, "Output") and t.Output:
+                print("  输出:", t.Output[:500] if len(t.Output or "") > 500 else t.Output)
+    except Exception as e:
+        print("  查询:", e)
+    return 0
+
+if __name__ == "__main__":
+    sys.exit(main())
diff --git a/运营中枢/工作台/gitea_push_log.md b/运营中枢/工作台/gitea_push_log.md
index aed29529..ddfd6aa9 100644
--- a/运营中枢/工作台/gitea_push_log.md
+++ b/运营中枢/工作台/gitea_push_log.md
@@ -53,3 +53,4 @@
 | 2026-02-22 05:46:11 | 🔄 卡若AI 同步 2026-02-22 05:46 | 更新：金仓、运营中枢工作台 | 排除 >20MB: 5 个 |
 | 2026-02-22 05:58:01 | 🔄 卡若AI 同步 2026-02-22 05:57 | 更新：金仓、水桥平台对接、运营中枢工作台 | 排除 >20MB: 5 个 |
 | 2026-02-22 05:58:39 | 🔄 卡若AI 同步 2026-02-22 05:58 | 更新：金仓、运营中枢工作台 | 排除 >20MB: 5 个 |
+| 2026-02-22 05:59:00 | 🔄 卡若AI 同步 2026-02-22 05:58 | 更新：金仓、水溪整理归档、运营中枢工作台 | 排除 >20MB: 5 个 |
diff --git a/运营中枢/工作台/代码管理.md b/运营中枢/工作台/代码管理.md
index 4ce085bd..c4e1a1b6 100644
--- a/运营中枢/工作台/代码管理.md
+++ b/运营中枢/工作台/代码管理.md
@@ -56,3 +56,4 @@
 | 2026-02-22 05:46:11 | 成功 | 成功 | 🔄 卡若AI 同步 2026-02-22 05:46 | 更新：金仓、运营中枢工作台 | 排除 >20MB: 5 个 | [仓库](http://open.quwanzhi.com:3000/fnvtk/karuo-ai) [百科](http://open.quwanzhi.com:3000/fnvtk/karuo-ai/wiki) |
 | 2026-02-22 05:58:01 | 成功 | 成功 | 🔄 卡若AI 同步 2026-02-22 05:57 | 更新：金仓、水桥平台对接、运营中枢工作台 | 排除 >20MB: 5 个 | [仓库](http://open.quwanzhi.com:3000/fnvtk/karuo-ai) [百科](http://open.quwanzhi.com:3000/fnvtk/karuo-ai/wiki) |
 | 2026-02-22 05:58:39 | 成功 | 成功 | 🔄 卡若AI 同步 2026-02-22 05:58 | 更新：金仓、运营中枢工作台 | 排除 >20MB: 5 个 | [仓库](http://open.quwanzhi.com:3000/fnvtk/karuo-ai) [百科](http://open.quwanzhi.com:3000/fnvtk/karuo-ai/wiki) |
+| 2026-02-22 05:59:00 | 成功 | 成功 | 🔄 卡若AI 同步 2026-02-22 05:58 | 更新：金仓、水溪整理归档、运营中枢工作台 | 排除 >20MB: 5 个 | [仓库](http://open.quwanzhi.com:3000/fnvtk/karuo-ai) [百科](http://open.quwanzhi.com:3000/fnvtk/karuo-ai/wiki) |